eco warns of a paradigm shift towards active network manipulation and calls for clear constitutional safeguards
In light of the current political debate in Germany surrounding the draft bill for a new German Cybersecurity Act, eco – Association of the Internet Industry warns of a fundamental shift in the understanding of state cyber defence. The draft bill provides for far-reaching powers of intervention in digital infrastructures, thereby opening the door to measures previously associated primarily with authoritarian contexts.
State intervention in IT systems: A new dimension of cyber defence
eco Board member Klaus Landefeld explains: “The law would enable precisely what we criticise in authoritarian states. The state could deploy malware, divert, prevent, alter or even inject data traffic.”
Under certain conditions, the draft act permits far-reaching measures – including the shutdown of IT systems and the deletion or alteration of data. Authorities could also carry out such interventions on the basis of retrospective judicial decisions.
A dangerous precedent for future governments
Landefeld also warns of the long-term implications: “This would give the legislature far-reaching tools to future governments as well – and who knows whether these might not actually be used in an authoritarian manner.”
From the perspective of the Internet industry, this creates structural conditions that extend beyond the current security policy context and are susceptible to abuse.
Paradigm shift: From resilience to state control of the Internet
eco criticises the fact that, in the draft act, cybersecurity is no longer primarily understood as a matter of protection, prevention and resilience, but increasingly as a justification for active intervention in the Internet and systems.
With tools such as traffic redirection, interventions in routing and DNS structures, and potential data manipulation, a technical infrastructure is emerging that is structurally suited to centrally influencing communication flows.
eco publishes statement: Clear limits instead of far-reaching powers of intervention
In its statement published today, eco therefore calls for:
- clear responsibilities and control mechanisms that stand up to the rule of law
- a strict limitation on state powers of intervention
- priority for defensive measures over offensive interventions
- a cooperative approach between the state and the Internet industry
In particular, eco considers so-called ‘hackbacks’ to be disproportionate: “Offensive or quasi-offensive countermeasures in cyberspace entail high technical, legal and foreign policy risks.”
Furthermore, ‘vulnerability management’ is discussed in this context, which, in an era of AI-supported attacks and defences, is no longer appropriate and must be rejected entirely.
eco also warns against overblocking effects, unclear obligations on providers to cooperate, and a potential weakening of existing market structures through parallel state-run services.
Cybersecurity needs resilience – not system manipulation
In conclusion, the association emphasises that cybersecurity must not become a gateway for state-led network control. Effective protection of digital infrastructures requires, above all, robust, preventive and cooperative approaches.
The legislature is now called upon to fundamentally revise the draft and ensure that measures are proportionate, technically sound and in line with the rule of law.
The full eco statement on the propoased Cybersecurity Act can be downloaded here (in German)
